Axios npm Package Compromised: Supply Chain Attack Delivers Cross-Platform RAT

Monday, March 30, 2026 at 11:00 PM UTC·Source: Snyk

Updated: Monday, April 6, 2026 at 12:18 AM UTC

Executive Summary

Meta description: Malicious versions of the Axios npm package (1.14.1 and 0.30.4) were published via a compromised maintainer account, injecting a hidden dependency that deploys a cross-platform remote access trojan. Here's what happened, who's affected, and how to check your exposure.

Analysis

Source Attribution

Originally published by Snyk on Mar 30, 2026.

Related Threats

MEDIUMSupply Chain

Mercor Breach Linked to LiteLLM Supply-Chain Attack

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/mercor-breach-linked-to-litellm-supply-chain-attack-image_small-1-a-31340.jpg" align=right hspace=4><b>AI Dependency Attack Reportedly Exposes Data and Source Code</b><br>A LiteLLM supply-chain compromise enabled attackers to harvest credentials and access internal environments at scale at Mercor. The firm was the first to confirm

2h agoBank Info Security

MEDIUMSupply Chain

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL exploitation, deploy reverse shells, harvest credentials, and drop a persistent implant. "Every package contains three files (package.json, index.js, postinstall.js), has no description, repository,

21h agoThe Hacker News

MEDIUMSupply Chain

Axios npm hack used fake Teams error fix to hijack maintainer account

The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers was targeted by a social engineering campaign believed to have been conducted by North Korean threat actors. [...]

1d agoBleepingComputer